LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

Will GitHub Ever Remove This Nulled WHMCS Repo?

On January 20 (over 2 weeks ago), I was searching for something on GitHub and came across this repo:

GitHub Piracy 1

It’s still there, as of this writing.

What’s it about?  I’ll let their README tell it:

WHMCS v 7.4 Full – 100% Decoded (deioncubed) & Nulled and free updates!

we are happy to announce that our team has fully 100% deioncubed the WHMCS and nulled ( removed all callbacks ).

  1. 100% decoded pure PHP code The program code is full decoded from Ioncube, unprotected and you don’t need Ioncube Loader extension anymore This is not usual WHMCS “nulled” package, like everyone else is selling. Not usual just cracked license file version, all other files ioncube encoded, with all the home-calls still active and waiting for your installation to be detected an blocked! This is different unique package. You get from us what no one is able to provide – the 100% pure PHP version! So you can investigate and change the code. This fully decoded pure PHP version is also great for programmers, to get to know how the code works, and change it if needed!

  2. 100% nulled All callbacks (“home calls”) back to the original developers are removed, so your software can’t and won’t get blocked!

  3. FULL License You get from us the license with all plugins activated and no branding is displayed!

There’s an email for a domain called decoded.whmcs-nulled.ir.  The website is gone now (archive).

Does it actually work?  No idea, and I really have no interest in testing it since I don’t need a nulled WHMCS.  But clearly this is piracy.

And apparently it’s been out there for quite a while:

GitHub Piracy 2

BTW, WHMCS 8.9 is in beta at the moment.  7.4 was from 2017.

Since GitHub has a “Report Repository” feature (on the right of the typical repo page), I figured I’d do the right thing.  Clicking that takes you to a page where you can fill out a form.

I chose “I want to report harmful code, such as malware, phishing, or cryptocurrency abuse.”  Maybe looking back I should have chosen “I want to report a copyright, trademark violation, or private information” but at the time I was thinking that perhaps this contained something that stole credentials (I didn’t read through the code line by line).  Wouldn’t be the first nulled software that did something nefarious.

I said in my ticket:

This repo states that it is nulled, di-ioncubed code from WHMCS, which is proprietary software. This is obvious piracy hosted on GitHub.

I got an email reply within a minute:

Thank you for contacting GitHub Support. We wanted to let you know that we’ve received your message. We are experiencing high volumes and therefore, you may experience longer than normal wait times. In the meantime, you may find answers to commonly asked questions in our community forum or in our documentation.

Keep in mind that GitHub is owned by Microsoft which is a $2.5 trillion-dollar firm, so…let’s keep those excuses about being flooded with traffic you can’t handle in check, guys.

That was January 20.

On January 25th, I got:

Thanks for taking the time to let us know. Our team is currently investigating the account in question to determine if their content or conduct violates GitHub‘s Terms of Service.

And that was the last update.

Now it’s February 5 and the repo is still there.

How long does it take to “investigate” this?  I think anyone could look at that and conclude it’s piracy within 30 seconds.  It’s not as if they need to check it against some database of code or have a PHP guru go in and deeply analyze things.  The title of the repo says it all!





  1. dt:

    I had a look at few php files and .. wow, how bad is WHMCS written!

    February 5, 2024 @ 1:50 pm | Reply
  2. Random171:

    Why are you trying to report a 6 year old repo for some commercial software? If WHMCS hasn’t reported it, maybe it doesn’t matter. (Apologies for my attitude, there’s just a lot of free(d) software out there, and it seems funny to me that you’ve gone out of your way to report it when you come across but one of them.)

    There are no instructions anyway. People would not even be able to run it.

    February 8, 2024 @ 3:41 pm | Reply
    • As an example of how lame and nonfunctional GitHub’s piracy handling is.

      February 13, 2024 @ 8:22 pm | Reply
  3. Random189:

    To run it you just need the original installation of WHMCS and then replace all of the php files with the ones in GitHub and you no longer have to pay a monthly/yearly fee to WHMCS that’s how it works

    February 12, 2024 @ 3:26 pm | Reply
  4. Michael Foland:

    I obviously pay for WHMCS, but I’ve actually learned some things by looking at their code base. I believe WHMCS still needs to update alot of features, including the Licensing Addon. I have reported te Repo to Github before. I’m shocked it’s still up.

    February 27, 2024 @ 2:37 pm | Reply
  5. KickassAMd:


    March 22, 2024 @ 4:10 pm | Reply
    • Michael F:

      Not a snitch. It’s simple.. don’t use pirated software.

      March 22, 2024 @ 4:45 pm | Reply
      • KickassAMD:

        Who cares if it is there or not… Does it hurt you? No… Do you pay for WHMCS? Great… Do I pay for WHMCS, yes… Do others not… It really is not that big a deal to warrant a silly blog post.

        May 8, 2024 @ 1:16 pm | Reply
  6. Dan Gle:

    Boo hoo. It’s a good educational resource and…not very useful for much else given its age. There are less than 0 victims and you’re here crying about it. Weirdo.

    April 3, 2024 @ 1:37 pm | Reply

Leave a Reply

Some notes on commenting on LowEndBox:

  • Do not use LowEndBox for support issues. Go to your hosting provider and issue a ticket there. Coming here saying "my VPS is down, what do I do?!" will only have your comments removed.
  • Akismet is used for spam detection. Some comments may be held temporarily for manual approval.
  • Use <pre>...</pre> to quote the output from your terminal/console, or consider using a pastebin service.

Your email address will not be published. Required fields are marked *